pipeline: add symfony app generic integration pipeline
This commit is contained in:
parent
ce2c30003e
commit
d50a9c6b77
|
@ -0,0 +1,41 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$finder = PhpCsFixer\Finder::create()
|
||||||
|
->in(__DIR__.'/src')
|
||||||
|
->name('*.php')
|
||||||
|
;
|
||||||
|
|
||||||
|
return (new PhpCsFixer\Config())
|
||||||
|
->setRules([
|
||||||
|
'@Symfony' => true,
|
||||||
|
'concat_space' => ['spacing' => 'none'],
|
||||||
|
'array_syntax' => ['syntax' => 'short'],
|
||||||
|
'combine_consecutive_issets' => true,
|
||||||
|
'explicit_indirect_variable' => true,
|
||||||
|
'no_useless_return' => true,
|
||||||
|
'ordered_imports' => true,
|
||||||
|
'no_unused_imports' => true,
|
||||||
|
'no_spaces_after_function_name' => true,
|
||||||
|
'no_spaces_inside_parenthesis' => true,
|
||||||
|
'ternary_operator_spaces' => true,
|
||||||
|
'class_definition' => ['single_line' => true],
|
||||||
|
'whitespace_after_comma_in_array' => true,
|
||||||
|
'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
|
||||||
|
'phpdoc_order' => true,
|
||||||
|
'phpdoc_types_order' => [
|
||||||
|
'null_adjustment' => 'always_last',
|
||||||
|
'sort_algorithm' => 'alpha',
|
||||||
|
],
|
||||||
|
'phpdoc_no_empty_return' => false,
|
||||||
|
'phpdoc_summary' => false,
|
||||||
|
'general_phpdoc_annotation_remove' => [
|
||||||
|
'annotations' => [
|
||||||
|
'expectedExceptionMessageRegExp',
|
||||||
|
'expectedException',
|
||||||
|
'expectedExceptionMessage',
|
||||||
|
'author',
|
||||||
|
],
|
||||||
|
],
|
||||||
|
])
|
||||||
|
->setFinder($finder)
|
||||||
|
;
|
|
@ -0,0 +1,42 @@
|
||||||
|
ARG PHP_SECURITY_CHECKER_VERSION=1.0.0
|
||||||
|
ARG JQ_VERSION=1.6
|
||||||
|
|
||||||
|
RUN apt update && \
|
||||||
|
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
||||||
|
wget tar curl ca-certificates \
|
||||||
|
openssl bash git unzip \
|
||||||
|
php-cli php-dom php-mbstring php-ctype php-xml php-iconv
|
||||||
|
|
||||||
|
COPY add-letsencrypt-ca.sh /root/add-letsencrypt-ca.sh
|
||||||
|
|
||||||
|
RUN bash /root/add-letsencrypt-ca.sh \
|
||||||
|
&& rm -f /root/add-letsencrypt-ca.sh
|
||||||
|
|
||||||
|
RUN wget -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
|
||||||
|
&& chmod +x /usr/local/bin/jq
|
||||||
|
|
||||||
|
# Install local-php-security-checker
|
||||||
|
RUN wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
|
||||||
|
&& chmod +x /usr/local/bin/local-php-security-checker
|
||||||
|
|
||||||
|
# Install junit2md
|
||||||
|
RUN junit2md_download_url=$(curl "https://forge.cadoles.com/api/v1/repos/Cadoles/junit2md/releases" -H "accept:application/json" | jq -r 'sort_by(.published_at) | reverse | .[0] | .assets[] | select(.name == "junit2md-linux-amd64.tar.gz") | .browser_download_url') \
|
||||||
|
&& wget -O junit2md-linux-amd64.tar.gz "$junit2md_download_url" \
|
||||||
|
&& tar -xzf junit2md-linux-amd64.tar.gz \
|
||||||
|
&& cp junit2md-linux-amd64/junit2md /usr/local/bin/junit2md
|
||||||
|
|
||||||
|
# Install composer
|
||||||
|
RUN wget https://raw.githubusercontent.com/composer/getcomposer.org/76a7060ccb93902cd7576b67264ad91c8a2700e2/web/installer -O - -q | php -- --force --install-dir /usr/local/bin --filename composer \
|
||||||
|
&& chmod +x /usr/local/bin/composer
|
||||||
|
|
||||||
|
# Install php-cs-fixer
|
||||||
|
RUN mkdir --parents /tools/php-cs-fixer \
|
||||||
|
&& composer require --working-dir=/tools/php-cs-fixer friendsofphp/php-cs-fixer \
|
||||||
|
&& ln -s /tools/php-cs-fixer/vendor/bin/php-cs-fixer /usr/local/bin/php-cs-fixer
|
||||||
|
|
||||||
|
# Install php-stan
|
||||||
|
RUN mkdir --parents /tools/phpstan \
|
||||||
|
&& composer require --working-dir=/tools/phpstan phpstan/phpstan \
|
||||||
|
&& ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \
|
||||||
|
&& composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \
|
||||||
|
&& composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine
|
|
@ -0,0 +1,4 @@
|
||||||
|
includes:
|
||||||
|
- /tools/phpstan/vendor/phpstan/phpstan-symfony/extension.neon
|
||||||
|
- /tools/phpstan/vendor/phpstan/phpstan-doctrine/extension.neon
|
||||||
|
- /tools/phpstan/vendor/phpstan/phpstan-doctrine/rules.neon
|
|
@ -0,0 +1,40 @@
|
||||||
|
def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = 0) {
|
||||||
|
comment = comment.replaceAll('"', '\\"')
|
||||||
|
withCredentials([
|
||||||
|
string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'),
|
||||||
|
]) {
|
||||||
|
writeFile(file: ".prComment", text: comment)
|
||||||
|
sh """#!/bin/bash
|
||||||
|
set -xeo pipefail
|
||||||
|
|
||||||
|
# Récupération si il existe du commentaire existant
|
||||||
|
previous_comment_id=\$(curl -v --fail \
|
||||||
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \
|
||||||
|
| jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \
|
||||||
|
)
|
||||||
|
|
||||||
|
# Génération du payload pour l'API Gitea
|
||||||
|
echo '{}' | jq -c --rawfile body .prComment '.body = \$body' > payload.json
|
||||||
|
|
||||||
|
if [[ "\$previous_comment_id" == "null" ]]; then
|
||||||
|
# Création du commentaire via l'API Gitea
|
||||||
|
curl -v --fail \
|
||||||
|
-XPOST \
|
||||||
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-d @payload.json \
|
||||||
|
https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments
|
||||||
|
else
|
||||||
|
# Modification du commentaire existant
|
||||||
|
curl -v --fail \
|
||||||
|
-XPATCH \
|
||||||
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-d @payload.json \
|
||||||
|
https://forge.cadoles.com/api/v1/repos/${repo}/issues/comments/\$previous_comment_id
|
||||||
|
fi
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,115 @@
|
||||||
|
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
|
||||||
|
|
||||||
|
def call(String baseImage = "ubuntu:22.04") {
|
||||||
|
node {
|
||||||
|
stage("Checkout project") {
|
||||||
|
checkout(scm)
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Run in Symfony image') {
|
||||||
|
def symfonyImage = buildDockerImage(baseImage)
|
||||||
|
symfonyImage.inside() {
|
||||||
|
def repo = env.JOB_NAME
|
||||||
|
if (env.BRANCH_NAME ==~ /^PR-.*$/) {
|
||||||
|
repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
|
||||||
|
}
|
||||||
|
|
||||||
|
stage("Install composer dependencies") {
|
||||||
|
sh '''
|
||||||
|
composer install
|
||||||
|
'''
|
||||||
|
}
|
||||||
|
|
||||||
|
parallel([
|
||||||
|
'php-security-check': {
|
||||||
|
stage("Check PHP security issues") {
|
||||||
|
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
|
||||||
|
def auditReport = sh(script: "local-php-security-checker --format=markdown || true", returnStdout: true)
|
||||||
|
if (auditReport.trim() != "") {
|
||||||
|
if (env.CHANGE_ID) {
|
||||||
|
gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport, 0)
|
||||||
|
} else {
|
||||||
|
print auditReport
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!auditReport.contains("No packages have known vulnerabilities.")) {
|
||||||
|
throw new Exception("Dependencies check failed !")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
'php-cs-fixer': {
|
||||||
|
stage("Run PHP-CS-Fixer on modified code") {
|
||||||
|
catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
|
||||||
|
if ( !fileExists('.php-cs-fixer.dist.php') ) {
|
||||||
|
def phpCsFixerConfig = libraryResource 'com/cadoles/symfony/.php-cs-fixer.dist.php'
|
||||||
|
writeFile file:'.php-cs-fixer.dist.php', text:phpCsFixerConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
sh '''
|
||||||
|
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ")
|
||||||
|
if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
|
||||||
|
php-cs-fixer fix -v --dry-run --using-cache=no --format junit > php-cs-fixer.xml ${EXTRA_ARGS}
|
||||||
|
'''
|
||||||
|
def report = sh(script: "junit2md php-cs-fixer.xml", returnStdout: true)
|
||||||
|
if (env.CHANGE_ID) {
|
||||||
|
gitea.commentPullRequest(repo, env.CHANGE_ID, report, 1)
|
||||||
|
} else {
|
||||||
|
print report
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
'phpstan': {
|
||||||
|
stage("Run phpstan") {
|
||||||
|
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
|
||||||
|
if ( !fileExists('phpstan.neon') ) {
|
||||||
|
def phpStanConfig = libraryResource 'com/cadoles/symfony/phpstan.neon'
|
||||||
|
writeFile file:'phpstan.neon', text:phpStanConfig
|
||||||
|
}
|
||||||
|
sh '''
|
||||||
|
phpstan analyze -l 1 --error-format=table src > phpstan.txt || true
|
||||||
|
'''
|
||||||
|
def report = sh(script: "cat phpstan.txt", returnStdout: true)
|
||||||
|
report = "## Rapport PHPStan\n\n```\n" + report
|
||||||
|
report = report + "\n```\n"
|
||||||
|
if (env.CHANGE_ID) {
|
||||||
|
gitea.commentPullRequest(repo, env.CHANGE_ID, report, 2)
|
||||||
|
} else {
|
||||||
|
print report
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
def buildDockerImage(String baseImage) {
|
||||||
|
def imageName = "cadoles-symfony-ci"
|
||||||
|
dir (".${imageName}") {
|
||||||
|
def dockerfile = libraryResource 'com/cadoles/symfony/Dockerfile'
|
||||||
|
writeFile file:'Dockerfile', text: "FROM ${baseImage}\n\n" + dockerfile
|
||||||
|
|
||||||
|
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
|
||||||
|
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
|
||||||
|
|
||||||
|
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||||
|
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||||
|
return docker.build("${imageName}:${imageTag}", ".")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
def when(boolean condition, body) {
|
||||||
|
def config = [:]
|
||||||
|
body.resolveStrategy = Closure.OWNER_FIRST
|
||||||
|
body.delegate = config
|
||||||
|
|
||||||
|
if (condition) {
|
||||||
|
body()
|
||||||
|
} else {
|
||||||
|
Utils.markStageSkippedForConditional(STAGE_NAME)
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue